Blame - roles/magnum/tasks/main.yml - atmosphere

blob: d364282254abf1319f34932f82e031a6bec0255b [file] [log] [blame]

Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	1	# Copyright (c) 2022 VEXXHOST, Inc.
				2	#
				3	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				4	# not use this file except in compliance with the License. You may obtain
				5	# a copy of the License at
				6	#
				7	# http://www.apache.org/licenses/LICENSE-2.0
				8	#
				9	# Unless required by applicable law or agreed to in writing, software
				10	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				11	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
				12	# License for the specific language governing permissions and limitations
				13	# under the License.
				14
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	15	# NOTE(mnaser): We should get rid of this task eventually as it is suspending
				16	# the old HelmRelease and removing it to avoid uninstalling the
				17	# Helm chart.
				18	- name: Uninstall the legacy HelmRelease
				19	run_once: true
				20	block:
				21	- name: Suspend the existing HelmRelease
Mohammed Naser	f0314a8	2023-04-11 18:53:30 +0000	[diff] [blame]	22	failed_when: false
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	23	kubernetes.core.k8s:
				24	state: patched
				25	api_version: helm.toolkit.fluxcd.io/v2beta1
				26	kind: HelmRelease
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	27	name: "{{ magnum_helm_release_name }}"
				28	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	29	definition:
				30	spec:
				31	suspend: true
				32
				33	- name: Remove the existing HelmRelease
Mohammed Naser	f0314a8	2023-04-11 18:53:30 +0000	[diff] [blame]	34	failed_when: false
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	35	kubernetes.core.k8s:
				36	state: absent
				37	api_version: helm.toolkit.fluxcd.io/v2beta1
				38	kind: HelmRelease
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	39	name: "{{ magnum_helm_release_name }}"
				40	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	41
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	42	- name: Install "clusterctl"
				43	ansible.builtin.get_url:
				44	url: "{{ magnum_clusterctl_url }}"
				45	dest: /usr/local/bin/clusterctl
Mohammed Naser	2fec641	2023-03-01 12:55:37 +0000	[diff] [blame]	46	mode: "0755"
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	47	owner: root
				48	group: root
				49
				50	- name: Create a configuration file
				51	ansible.builtin.copy:
				52	content: "{{ magnum_clusterctl_config \| to_nice_yaml }}"
				53	dest: "{{ magnum_clusterctl_config_file }}"
Mohammed Naser	2fec641	2023-03-01 12:55:37 +0000	[diff] [blame]	54	mode: "0644"
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	55	owner: root
				56	group: root
				57
				58	- name: Initialize the management cluster
okozachenko1203	19b530e	2023-01-27 23:52:04 +1100	[diff] [blame]	59	run_once: true
okozachenko1203	5b9d0f1	2023-01-28 01:24:40 +1100	[diff] [blame]	60	changed_when: false
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	61	ansible.builtin.command: \|
				62	clusterctl init \
				63	--config {{ magnum_clusterctl_config_file }} \
				64	--core cluster-api:v1.3.3 \
				65	--bootstrap kubeadm:v1.3.3 \
				66	--control-plane kubeadm:v1.3.3 \
Oleksandr Kozachenko	9217570	2023-03-03 09:55:29 +0100	[diff] [blame]	67	--infrastructure openstack:v0.7.1
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	68	environment:
				69	CLUSTER_TOPOLOGY: "true"
				70	EXP_CLUSTER_RESOURCE_SET: "true"
okozachenko1203	19b530e	2023-01-27 23:52:04 +1100	[diff] [blame]	71
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	72	- name: Deploy Cluster API for Magnum RBAC
				73	kubernetes.core.k8s:
				74	state: present
				75	definition:
				76	- apiVersion: v1
				77	kind: Namespace
				78	metadata:
				79	name: magnum-system
				80
Mohammed Naser	1588236	2023-04-04 20:38:56 +0000	[diff] [blame]	81	# TODO(mnaser): This should be removed once we have a proper Helm chart
				82	# for Cluster API for Magnum.
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	83	- apiVersion: rbac.authorization.k8s.io/v1
Mohammed Naser	1588236	2023-04-04 20:38:56 +0000	[diff] [blame]	84	kind: ClusterRoleBinding
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	85	metadata:
				86	name: magnum-cluster-api
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	87	roleRef:
				88	apiGroup: rbac.authorization.k8s.io
Mohammed Naser	1588236	2023-04-04 20:38:56 +0000	[diff] [blame]	89	kind: ClusterRole
				90	name: cluster-admin
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	91	subjects:
				92	- kind: ServiceAccount
				93	name: magnum-conductor
				94	namespace: "{{ magnum_helm_release_namespace }}"
				95
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	96	- name: Deploy Helm chart
				97	run_once: true
				98	kubernetes.core.helm:
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	99	name: "{{ magnum_helm_release_name }}"
				100	chart_ref: "{{ magnum_helm_chart_ref }}"
				101	release_namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	102	create_namespace: true
				103	kubeconfig: /etc/kubernetes/admin.conf
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	104	values: "{{ _magnum_helm_values \| combine(magnum_helm_values, recursive=True) }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	105
Mohammed Naser	f0314a8	2023-04-11 18:53:30 +0000	[diff] [blame]	106	- name: Deploy "magnum-cluster-api-proxy"
				107	run_once: true
				108	kubernetes.core.k8s:
				109	state: present
				110	definition:
				111	- apiVerison: v1
				112	kind: ConfigMap
				113	metadata:
				114	name: magnum-cluster-api-proxy-config
				115	namespace: "{{ magnum_helm_release_namespace }}"
				116	data:
				117	magnum_capi_sudoers: \|
				118	Defaults !requiretty
				119	Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
				120	magnum ALL = (root) NOPASSWD: /var/lib/openstack/bin/privsep-helper
				121
				122	- apiVersion: apps/v1
				123	kind: DaemonSet
				124	metadata:
				125	name: magnum-cluster-api-proxy
				126	namespace: openstack
				127	labels:
				128	application: magnum
				129	component: cluster-api-proxy
				130	spec:
				131	selector:
				132	matchLabels:
				133	application: magnum
				134	component: cluster-api-proxy
				135	template:
				136	metadata:
				137	labels:
				138	application: magnum
				139	component: cluster-api-proxy
				140	spec:
				141	containers:
				142	- name: magnum-cluster-api-proxy
				143	command: ["magnum-cluster-api-proxy"]
				144	image: "{{ atmosphere_images['magnum_cluster_api_proxy'] \| vexxhost.kubernetes.docker_image('ref') }}"
				145	securityContext:
				146	privileged: true
				147	readOnlyRootFilesystem: true
				148	volumeMounts:
				149	- name: pod-tmp
				150	mountPath: /tmp
				151	- name: pod-run
				152	mountPath: /run
				153	- name: config
				154	mountPath: /etc/sudoers.d/magnum_capi_sudoers
				155	subPath: magnum_capi_sudoers
				156	readOnly: true
				157	- name: haproxy-state
				158	mountPath: /var/lib/magnum/.magnum-cluster-api-proxy
				159	- name: host-run-netns
				160	mountPath: /run/netns
				161	mountPropagation: Bidirectional
				162	nodeSelector:
				163	openstack-control-plane: enabled
				164	securityContext:
				165	runAsUser: 42424
				166	serviceAccountName: magnum-conductor
				167	volumes:
				168	- name: pod-tmp
				169	emptyDir: {}
				170	- name: pod-run
				171	emptyDir: {}
				172	- name: config
				173	configMap:
				174	name: magnum-cluster-api-proxy-config
				175	- name: haproxy-state
				176	emptyDir: {}
				177	- name: host-run-netns
				178	hostPath:
				179	path: /run/netns
				180
Mohammed Naser	4c33bb5	2023-01-18 03:23:18 +0000	[diff] [blame]	181	- name: Create Ingress
				182	ansible.builtin.include_role:
				183	name: openstack_helm_ingress
				184	vars:
				185	openstack_helm_ingress_endpoint: container_infra
				186	openstack_helm_ingress_service_name: magnum-api
				187	openstack_helm_ingress_service_port: 9511
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	188	openstack_helm_ingress_annotations: "{{ magnum_ingress_annotations }}"
Mohammed Naser	4c33bb5	2023-01-18 03:23:18 +0000	[diff] [blame]	189
okozachenko1203	19b530e	2023-01-27 23:52:04 +1100	[diff] [blame]	190	- name: Deploy magnum registry
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	191	run_once: true
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	192	kubernetes.core.k8s:
				193	state: present
				194	definition:
				195	- apiVersion: v1
				196	kind: PersistentVolumeClaim
				197	metadata:
				198	labels:
				199	application: magnum
				200	component: registry
				201	name: magnum-registry
Mohammed Naser	756b717	2023-02-03 04:01:53 +0000	[diff] [blame]	202	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	203	spec:
				204	accessModes:
				205	- ReadWriteOnce
				206	resources:
				207	requests:
				208	storage: 50Gi
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	209
				210	- apiVersion: apps/v1
				211	kind: Deployment
				212	metadata:
				213	labels:
				214	application: magnum
				215	component: registry
				216	name: magnum-registry
Mohammed Naser	756b717	2023-02-03 04:01:53 +0000	[diff] [blame]	217	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	218	spec:
				219	replicas: 1
				220	selector:
				221	matchLabels:
				222	application: magnum
				223	component: registry
				224	strategy:
				225	type: Recreate
				226	template:
				227	metadata:
				228	labels:
				229	application: magnum
				230	component: registry
				231	spec:
				232	containers:
				233	- name: registry
				234	env:
				235	- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
				236	value: /var/lib/registry
				237	- name: REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED
				238	value: "true"
Mohammed Naser	31171f4	2023-03-19 00:10:46 +0000	[diff] [blame]	239	image: "{{ atmosphere_images['magnum_registry'] \| vexxhost.kubernetes.docker_image('ref') }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	240	ports:
				241	- containerPort: 5000
				242	name: registry
				243	protocol: TCP
				244	livenessProbe:
				245	httpGet:
				246	path: /
				247	port: 5000
				248	scheme: HTTP
				249	readinessProbe:
				250	httpGet:
				251	path: /
				252	port: 5000
				253	scheme: HTTP
				254	volumeMounts:
				255	- mountPath: /var/lib/registry
				256	name: magnum-registry
				257	nodeSelector:
				258	openstack-control-plane: enabled
				259	volumes:
				260	- name: magnum-registry
				261	persistentVolumeClaim:
				262	claimName: magnum-registry
				263
				264	- apiVersion: v1
				265	kind: Service
				266	metadata:
				267	labels:
				268	application: magnum
				269	component: registry
				270	name: magnum-registry
Mohammed Naser	756b717	2023-02-03 04:01:53 +0000	[diff] [blame]	271	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	272	spec:
				273	ports:
				274	- name: magnum
				275	port: 5000
				276	protocol: TCP
				277	targetPort: 5000
				278	selector:
				279	application: magnum
				280	component: registry
				281	type: ClusterIP
				282
				283	- apiVersion: batch/v1
				284	kind: Job
				285	metadata:
Mohammed Naser	756b717	2023-02-03 04:01:53 +0000	[diff] [blame]	286	name: magnum-registry-init
				287	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	288	labels:
				289	application: magnum
				290	component: registry
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	291	spec:
				292	backoffLimit: 5
				293	template:
				294	metadata:
				295	labels:
				296	application: magnum
				297	spec:
				298	restartPolicy: OnFailure
				299	containers:
Mohammed Naser	756b717	2023-02-03 04:01:53 +0000	[diff] [blame]	300	- name: loader
Mohammed Naser	31171f4	2023-03-19 00:10:46 +0000	[diff] [blame]	301	image: "{{ atmosphere_images['magnum_api'] \| vexxhost.kubernetes.docker_image('ref') }}"
Mohammed Naser	756b717	2023-02-03 04:01:53 +0000	[diff] [blame]	302	command:
				303	- magnum-cluster-api-image-loader
				304	- --insecure
				305	- --repository
				306	- magnum-registry.openstack.svc.cluster.local:5000
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	307	nodeSelector:
				308	openstack-control-plane: enabled
				309
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	310	- name: Create magnum registry Ingress
				311	ansible.builtin.include_role:
				312	name: openstack_helm_ingress
				313	vars:
				314	openstack_helm_ingress_endpoint: container_infra_registry
				315	openstack_helm_ingress_service_name: magnum-registry
				316	openstack_helm_ingress_service_port: 5000
Mohammed Naser	756b717	2023-02-03 04:01:53 +0000	[diff] [blame]	317	openstack_helm_ingress_annotations: "{{ _magnum_registry_ingress_annotations \| combine(magnum_registry_ingress_annotations) }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	318
Mohammed Naser	4b63004	2023-02-07 20:47:45 +0000	[diff] [blame]	319	- name: Upload images
				320	ansible.builtin.include_role:
				321	name: glance_image
				322	loop: "{{ magnum_images }}"
				323	vars:
				324	glance_image_name: "{{ item.name }}"
				325	glance_image_url: "{{ item.url }}"
				326	glance_image_container_format: "{{ magnum_image_container_format }}"
				327	glance_image_disk_format: "{{ magnum_image_disk_format }}"
Mohammed Naser	38a7438	2023-02-07 22:48:11 +0000	[diff] [blame]	328	glance_image_properties:
				329	os_distro: "{{ item.distro }}"